Vulnerabilities > CVE-2010-0395
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_1_OPENOFFICE_ORG-BASE-DRIVERS-POSTGRESQL-100622.NASL description This update of OpenOffice_org does not allow macros written in Python to be executed without permission, CVE-2010-0395. last seen 2020-06-01 modified 2020-06-02 plugin id 47756 published 2010-07-19 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47756 title openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (openSUSE-SU-2010:0386-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update OpenOffice_org-base-drivers-postgresql-2578. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(47756); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:37"); script_cve_id("CVE-2010-0395"); script_name(english:"openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (openSUSE-SU-2010:0386-1)"); script_summary(english:"Check for the OpenOffice_org-base-drivers-postgresql-2578 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of OpenOffice_org does not allow macros written in Python to be executed without permission, CVE-2010-0395." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=607095" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-07/msg00016.html" ); script_set_attribute( attribute:"solution", value:"Update the affected OpenOffice_org-base-drivers-postgresql packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-base-drivers-postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-kde"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-libs-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-libs-core-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-libs-core-l10n-prebuilt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-mailmerge"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2010/06/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"OpenOffice_org-base-drivers-postgresql-3.0.0.9-1.12.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"OpenOffice_org-gnome-3.0.0.9-1.12.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"OpenOffice_org-kde-3.0.0.9-1.12.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"OpenOffice_org-libs-core-3.0.0.9-1.12.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"OpenOffice_org-libs-core-devel-3.0.0.9-1.12.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"OpenOffice_org-libs-core-l10n-prebuilt-3.0.0.9-1.12.1") ) flag++; if ( rpm_check(release:"SUSE11.1", reference:"OpenOffice_org-mailmerge-3.0.0.9-1.12.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenOffice"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201408-19.NASL description The remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 77467 published 2014-09-01 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77467 title GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201408-19. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(77467); script_version("1.10"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2006-4339", "CVE-2009-0200", "CVE-2009-0201", "CVE-2009-0217", "CVE-2009-2949", "CVE-2009-2950", "CVE-2009-3301", "CVE-2009-3302", "CVE-2010-0395", "CVE-2010-2935", "CVE-2010-2936", "CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3452", "CVE-2010-3453", "CVE-2010-3454", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-4643", "CVE-2011-2713", "CVE-2012-0037", "CVE-2012-1149", "CVE-2012-2149", "CVE-2012-2334", "CVE-2012-2665", "CVE-2014-0247"); script_bugtraq_id(35671, 36200, 38218, 40599, 42202, 46031, 49969, 52681, 53570, 54769, 68151); script_xref(name:"GLSA", value:"201408-19"); script_name(english:"GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201408-19" ); script_set_attribute( attribute:"solution", value: "All OpenOffice (binary) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/openoffice-bin-3.5.5.3' All LibreOffice users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/libreoffice-4.2.5.2' All LibreOffice (binary) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/libreoffice-bin-4.2.5.2' We recommend that users unmerge OpenOffice: # emerge --unmerge 'app-office/openoffice'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(94, 119, 189, 310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libreoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libreoffice-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openoffice-bin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/05"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-office/libreoffice", unaffected:make_list("ge 4.2.5.2"), vulnerable:make_list("lt 4.2.5.2"))) flag++; if (qpkg_check(package:"app-office/libreoffice-bin", unaffected:make_list("ge 4.2.5.2"), vulnerable:make_list("lt 4.2.5.2"))) flag++; if (qpkg_check(package:"app-office/openoffice-bin", unaffected:make_list("ge 3.5.5.3"), vulnerable:make_list("lt 3.5.5.3"))) flag++; if (qpkg_check(package:"app-office/openoffice", unaffected:make_list(), vulnerable:make_list("le 3.5.5.3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenOffice / LibreOffice"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-949-1.NASL description Marc Schoenefeld discovered that OpenOffice.org would run document macros from the macro browser, even when macros were disabled. If a user were tricked into opening a specially crafted document and examining a macro, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 46836 published 2010-06-08 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46836 title Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : openoffice.org vulnerability (USN-949-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-949-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(46836); script_version("1.12"); script_cvs_date("Date: 2019/09/19 12:54:26"); script_cve_id("CVE-2010-0395"); script_xref(name:"USN", value:"949-1"); script_name(english:"Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : openoffice.org vulnerability (USN-949-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Marc Schoenefeld discovered that OpenOffice.org would run document macros from the macro browser, even when macros were disabled. If a user were tricked into opening a specially crafted document and examining a macro, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/949-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:broffice.org"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cli-uno-bridge"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmythes-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libuno-cil"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libuno-cli-basetypes1.0-cil"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libuno-cli-cppuhelper1.0-cil"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libuno-cli-oootypes1.0-cil"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libuno-cli-ure1.0-cil"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libuno-cli-uretypes1.0-cil"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-openoffice.org"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-base-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-calc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-dev-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-draw"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-dtd-officedocument1.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-emailmerge"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-evolution"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-filter-binfilter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-filter-mobiledev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-gcj"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-gnome"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-gtk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-impress"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-java-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-kab"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-kde"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-in"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-za"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-math"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-mysql-connector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-officebean"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-ogltrans"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-pdfimport"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-presentation-minimizer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-presenter-console"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-qa-api-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-qa-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-report-builder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-report-builder-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-sdbc-postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-style-andromeda"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-style-crystal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-style-galaxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-style-hicontrast"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-style-human"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-style-industrial"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-style-oxygen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-style-tango"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-wiki-publisher"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-writer"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-uno"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ttf-opensymbol"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:uno-libs3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:uno-libs3-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ure"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ure-dbg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/09"); script_set_attribute(attribute:"patch_publication_date", value:"2010/06/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(8\.04|9\.04|9\.10|10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 9.04 / 9.10 / 10.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.04", pkgname:"broffice.org", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libmythes-dev", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libuno-cil", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"mozilla-openoffice.org", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-base", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-base-core", pkgver:"1:2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-calc", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-common", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-core", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-dev", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-dev-doc", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-draw", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-dtd-officedocument1.0", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-evolution", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-filter-binfilter", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-filter-mobiledev", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-gcj", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-gnome", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-gtk", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-headless", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-impress", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-java-common", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-kde", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-l10n-in", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-l10n-za", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-math", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-officebean", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-ogltrans", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-presentation-minimizer", pkgver:"1.0+OOo2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-qa-api-tests", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-qa-tools", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-report-builder", pkgver:"1.0.2+OOo2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-sdbc-postgresql", pkgver:"0.7.5+OOo2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-style-andromeda", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-style-crystal", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-style-hicontrast", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-style-human", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-style-industrial", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-style-tango", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"openoffice.org-writer", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"python-uno", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"ttf-opensymbol", pkgver:"2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"ure", pkgver:"1.4+OOo2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"ure-dbg", pkgver:"1.4+OOo2.4.1-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"broffice.org", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"cli-uno-bridge", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libmythes-dev", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libuno-cli-basetypes1.0-cil", pkgver:"1.0.12.0+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libuno-cli-cppuhelper1.0-cil", pkgver:"1.0.15.0+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libuno-cli-oootypes1.0-cil", pkgver:"1.0.1.0+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libuno-cli-ure1.0-cil", pkgver:"1.0.15.0+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libuno-cli-uretypes1.0-cil", pkgver:"1.0.1.0+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"mozilla-openoffice.org", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-base", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-base-core", pkgver:"1:3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-calc", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-common", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-core", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-dev", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-dev-doc", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-draw", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-dtd-officedocument1.0", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-emailmerge", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-evolution", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-filter-binfilter", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-filter-mobiledev", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-gcj", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-gnome", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-gtk", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-impress", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-java-common", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-kab", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-kde", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-l10n-in", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-l10n-za", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-math", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-officebean", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-pdfimport", pkgver:"0.3.2+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-presentation-minimizer", pkgver:"1.0+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-presenter-console", pkgver:"1.0+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-report-builder", pkgver:"1.0.5+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-report-builder-bin", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-sdbc-postgresql", pkgver:"0.7.6+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-style-andromeda", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-style-crystal", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-style-galaxy", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-style-hicontrast", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-style-human", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-style-industrial", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-style-tango", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-wiki-publisher", pkgver:"1.0+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"openoffice.org-writer", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"python-uno", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"ttf-opensymbol", pkgver:"3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"uno-libs3", pkgver:"1.4.1+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"uno-libs3-dbg", pkgver:"1.4.1+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"ure", pkgver:"1.4.1+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"ure-dbg", pkgver:"1.4.1+OOo3.0.1-9ubuntu3.3")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"broffice.org", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"cli-uno-bridge", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libmythes-dev", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libuno-cli-basetypes1.0-cil", pkgver:"1.0.14.0+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libuno-cli-cppuhelper1.0-cil", pkgver:"1.0.17.0+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libuno-cli-oootypes1.0-cil", pkgver:"1.0.3.0+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libuno-cli-ure1.0-cil", pkgver:"1.0.17.0+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libuno-cli-uretypes1.0-cil", pkgver:"1.0.3.0+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"mozilla-openoffice.org", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-base", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-base-core", pkgver:"1:3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-calc", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-common", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-core", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-dev", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-dev-doc", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-draw", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-dtd-officedocument1.0", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-emailmerge", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-evolution", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-filter-binfilter", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-filter-mobiledev", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-gcj", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-gnome", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-gtk", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-impress", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-java-common", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-kde", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-l10n-in", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-l10n-za", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-math", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-officebean", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-ogltrans", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-pdfimport", pkgver:"1.0+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-presentation-minimizer", pkgver:"1.0+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-presenter-console", pkgver:"1.1.0+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-report-builder", pkgver:"1.1.0+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-report-builder-bin", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-sdbc-postgresql", pkgver:"0.7.6+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-style-andromeda", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-style-crystal", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-style-galaxy", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-style-hicontrast", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-style-human", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-style-industrial", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-style-oxygen", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-style-tango", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-wiki-publisher", pkgver:"1.0+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"openoffice.org-writer", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-uno", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"ttf-opensymbol", pkgver:"3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"uno-libs3", pkgver:"1.5.1+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"uno-libs3-dbg", pkgver:"1.5.1+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"ure", pkgver:"1.5.1+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"ure-dbg", pkgver:"1.5.1+OOo3.1.1-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"broffice.org", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"cli-uno-bridge", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libmythes-dev", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libuno-cli-basetypes1.0-cil", pkgver:"1.0.15.0+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libuno-cli-cppuhelper1.0-cil", pkgver:"1.0.18.0+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libuno-cli-oootypes1.0-cil", pkgver:"1.0.4.0+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libuno-cli-ure1.0-cil", pkgver:"1.0.18.0+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libuno-cli-uretypes1.0-cil", pkgver:"1.0.4.0+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"mozilla-openoffice.org", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-base", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-base-core", pkgver:"1:3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-calc", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-common", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-core", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-dev", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-dev-doc", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-draw", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-dtd-officedocument1.0", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-emailmerge", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-evolution", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-filter-binfilter", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-filter-mobiledev", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-gcj", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-gnome", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-gtk", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-impress", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-java-common", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-kde", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-l10n-in", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-l10n-za", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-math", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-mysql-connector", pkgver:"1.0.1+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-officebean", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-ogltrans", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-pdfimport", pkgver:"1.0+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-presentation-minimizer", pkgver:"1.0+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-presenter-console", pkgver:"1.1.0+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-report-builder", pkgver:"1.2.0+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-report-builder-bin", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-sdbc-postgresql", pkgver:"0.7.6+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-style-andromeda", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-style-crystal", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-style-galaxy", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-style-hicontrast", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-style-human", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-style-industrial", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-style-oxygen", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-style-tango", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-wiki-publisher", pkgver:"1.1+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-writer", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"python-uno", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"ttf-opensymbol", pkgver:"3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"uno-libs3", pkgver:"1.6.0+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"uno-libs3-dbg", pkgver:"1.6.0+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"ure", pkgver:"1.6.0+OOo3.2.0-7ubuntu4.1")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"ure-dbg", pkgver:"1.6.0+OOo3.2.0-7ubuntu4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "broffice.org / cli-uno-bridge / libmythes-dev / libuno-cil / etc"); }NASL family Windows NASL id OPENOFFICE_321.NASL description The version of Oracle OpenOffice.org installed on the remote host is prior to 3.2.1. It is, therefore, affected by several issues : - There is a TLS/SSL renegotiation vulnerability in the included third-party OpenSSL library. (CVE-2009-3555) - There is a python scripting vulnerability that could lead to undesired code execution when using the OpenOffice scripting IDE. (CVE-2010-0395) last seen 2020-06-01 modified 2020-06-02 plugin id 46814 published 2010-06-07 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46814 title Oracle OpenOffice.org < 3.2.1 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(46814); script_version("1.15"); script_cvs_date("Date: 2018/07/16 14:09:15"); script_cve_id("CVE-2009-3555", "CVE-2010-0395"); script_bugtraq_id(36935, 40599); script_name(english:"Oracle OpenOffice.org < 3.2.1 Multiple Vulnerabilities"); script_summary(english:"Checks the version of OpenOffice.org"); script_set_attribute( attribute:"synopsis", value: "The remote Windows host has an application installed that is affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "The version of Oracle OpenOffice.org installed on the remote host is prior to 3.2.1. It is, therefore, affected by several issues : - There is a TLS/SSL renegotiation vulnerability in the included third-party OpenSSL library. (CVE-2009-3555) - There is a python scripting vulnerability that could lead to undesired code execution when using the OpenOffice scripting IDE. (CVE-2010-0395)" ); script_set_attribute( attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2009-3555.html" ); script_set_attribute( attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-0395.html" ); script_set_attribute( attribute:"solution", value:"Upgrade to Oracle OpenOffice.org version 3.2.1 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(310); script_set_attribute(attribute:"vuln_publication_date",value:"2009/11/09"); script_set_attribute(attribute:"patch_publication_date",value:"2010/06/07"); script_set_attribute(attribute:"plugin_publication_date",value:"2010/06/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:openoffice.org"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("openoffice_installed.nasl"); script_require_keys("SMB/OpenOffice/Build"); exit(0); } build = get_kb_item("SMB/OpenOffice/Build"); if (build) { matches = eregmatch(string:build, pattern:"([0-9]+[a-z][0-9]+)\(Build:([0-9]+)\)"); if (!isnull(matches)) { buildid = int(matches[2]); if (buildid < 9502) security_hole(get_kb_item("SMB/transport")); else exit(0,"Build " + buildid + " is not affected."); } } else exit(1, "The 'SMB/OpenOffice/Build' KB item is missing.");NASL family Fedora Local Security Checks NASL id FEDORA_2010-9628.NASL description A security vulnerability in OpenOffice.org, related to python scripting, might lead to unexpected code execution when using the built-in scripting IDE for exploring python code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47544 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47544 title Fedora 11 : openoffice.org-3.1.1-19.13.fc11 (2010-9628) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-9628. # include("compat.inc"); if (description) { script_id(47544); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:33"); script_cve_id("CVE-2010-0395"); script_bugtraq_id(38218); script_xref(name:"FEDORA", value:"2010-9628"); script_name(english:"Fedora 11 : openoffice.org-3.1.1-19.13.fc11 (2010-9628)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "A security vulnerability in OpenOffice.org, related to python scripting, might lead to unexpected code execution when using the built-in scripting IDE for exploring python code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=574119" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?79ba4e83" ); script_set_attribute( attribute:"solution", value:"Update the affected openoffice.org package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openoffice.org"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11"); script_set_attribute(attribute:"patch_publication_date", value:"2010/06/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC11", reference:"openoffice.org-3.1.1-19.13.fc11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openoffice.org"); }NASL family SuSE Local Security Checks NASL id SUSE_11_OPENOFFICE_ORG-321-090221.NASL description This update of OpenOffice_org fixes the following security issue : - Arbitrary macros written in Python can be executed by bypassing macro security permissions. (CVE-2010-0395) It also provides the maintenance update to OpenOffice.org-3.2.1. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.1.html . For further SUSE Linux Enterprise specific fixes please refer to the changelog of the OpenOffice_org RPM package. last seen 2020-06-01 modified 2020-06-02 plugin id 50879 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50879 title SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 2589) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(50879); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:35"); script_cve_id("CVE-2010-0395"); script_name(english:"SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 2589)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of OpenOffice_org fixes the following security issue : - Arbitrary macros written in Python can be executed by bypassing macro security permissions. (CVE-2010-0395) It also provides the maintenance update to OpenOffice.org-3.2.1. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.1.html . For further SUSE Linux Enterprise specific fixes please refer to the changelog of the OpenOffice_org RPM package." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=607095" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-0395.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 2589."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:procps"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2009/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0"); flag = 0; if (rpm_check(release:"SLES11", sp:0, cpu:"i586", reference:"procps-3.2.7-151.3")) flag++; if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"procps-3.2.7-151.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_11_OPENOFFICE_ORG-321-100624.NASL description This update of OpenOffice_org fixes the following security issue : - Arbitrary macros written in Python can be executed by bypassing macro security permissions. (CVE-2010-0395) It also provides the maintenance update to OpenOffice.org-3.2.1. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.1.html . For further SUSE Linux Enterprise specific fixes please refer to the changelog of the OpenOffice_org RPM package. last seen 2020-06-01 modified 2020-06-02 plugin id 50880 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50880 title SuSE 11 / 11.1 Security Update : OpenOffice_org (SAT Patch Numbers 2586 / 2589) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-221.NASL description Multiple vulnerabilities was discovered and corrected in the OpenOffice.org : Integer overflow allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow (CVE-2009-2949). Heap-based buffer overflow allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression (CVE-2009-2950). Integer underflow allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document (CVE-2009-3301). boundary error flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document (CVE-2009-3302). Lack of properly enforcing Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document (CVE-2010-0136). User-assisted remote attackers are able to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed (CVE-2010-0395). Impress module does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an integer truncation error (CVE-2010-2935). Integer overflow in the Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow (CVE-2010-2936). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 This update provides OpenOffice.org packages have been patched to correct these issues and additional dependent packages. last seen 2020-06-01 modified 2020-06-02 plugin id 50503 published 2010-11-07 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50503 title Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:221) NASL family SuSE Local Security Checks NASL id SUSE_OPENOFFICE_ORG-7079.NASL description This update of OpenOffice_org fixes the following security issue : - Arbitrary macros written in Python can be executed by bypassing macro security permissions. (CVE-2010-0395) It also provides the maintenance update to OpenOffice.org-3.2.1. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.1.html . For further SUSE Linux Enterprise specific fixes please refer to the changelog of the OpenOffice_org RPM package. last seen 2020-06-01 modified 2020-06-02 plugin id 51686 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51686 title SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 7079) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0459.NASL description Updated openoffice.org packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. [Updated 16 June 2010] The packages list in this erratum has been updated to include missing packages for the last seen 2020-06-01 modified 2020-06-02 plugin id 47031 published 2010-06-17 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47031 title CentOS 5 : openoffice.org (CESA-2010:0459) NASL family SuSE Local Security Checks NASL id SUSE_11_2_OPENOFFICE_ORG-BASE-DRIVERS-POSTGRESQL-100622.NASL description This update of OpenOffice_org does not allow macros written in Python to be executed without permission, CVE-2010-0395. last seen 2020-06-01 modified 2020-06-02 plugin id 47757 published 2010-07-19 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47757 title openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (openSUSE-SU-2010:0386-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0459.NASL description Updated openoffice.org packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. [Updated 16 June 2010] The packages list in this erratum has been updated to include missing packages for the last seen 2020-06-01 modified 2020-06-02 plugin id 46835 published 2010-06-08 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46835 title RHEL 4 / 5 : openoffice.org (RHSA-2010:0459) NASL family SuSE Local Security Checks NASL id SUSE_11_0_OPENOFFICE_ORG-100622.NASL description This update of OpenOffice_org does not allow macros written in Python to be executed without permission, CVE-2010-0395. last seen 2020-06-01 modified 2020-06-02 plugin id 47755 published 2010-07-19 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47755 title openSUSE Security Update : OpenOffice_org (openSUSE-SU-2010:0386-1) NASL family Fedora Local Security Checks NASL id FEDORA_2010-9633.NASL description CVE-2010-0395: Security vulnerability in OpenOffice.org related to python scripting. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47545 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47545 title Fedora 13 : openoffice.org-3.2.0-12.24.fc13 (2010-9633) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2055.NASL description It was discovered that OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft(r) Office, is not properly handling python macros embedded in an office document. This allows an attacker to perform user-assisted execution of arbitrary code in certain use cases of the python macro viewer component. last seen 2020-06-01 modified 2020-06-02 plugin id 46830 published 2010-06-08 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46830 title Debian DSA-2055-1 : openoffice.org - macro execution NASL family Scientific Linux Local Security Checks NASL id SL_20100607_OPENOFFICE_ORG_ON_SL5_X.NASL description A flaw was found in the way OpenOffice.org enforced a macro security setting for macros, written in the Python scripting language, that were embedded in OpenOffice.org documents. If a user were tricked into opening a specially crafted OpenOffice.org document and previewed the macro directory structure, it could lead to Python macro execution even if macro execution was disabled. (CVE-2010-0395) All running instances of OpenOffice.org applications must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60799 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60799 title Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64 NASL family Scientific Linux Local Security Checks NASL id SL_20100607_OPENOFFICE_ORG2_ON_SL4_X.NASL description A flaw was found in the way OpenOffice.org enforced a macro security setting for macros, written in the Python scripting language, that were embedded in OpenOffice.org documents. If a user were tricked into opening a specially crafted OpenOffice.org document and previewed the macro directory structure, it could lead to Python macro execution even if macro execution was disabled. (CVE-2010-0395) All running instances of OpenOffice.org applications must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60798 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60798 title Scientific Linux Security Update : openoffice.org2 on SL4.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_OPENOFFICE_ORG-321-100505.NASL description This update of OpenOffice_org fixes the following security issue : - Arbitrary macros written in Python can be executed by bypassing macro security permissions. (CVE-2010-0395) It also provides the maintenance update to OpenOffice.org-3.2.1. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.1.html . For further SUSE Linux Enterprise specific fixes please refer to the changelog of the OpenOffice_org RPM package. last seen 2020-06-01 modified 2020-06-02 plugin id 51595 published 2011-01-21 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51595 title SuSE 11.1 Security Update : OpenOffice_org (SAT Patch Number 2586) NASL family Fedora Local Security Checks NASL id FEDORA_2010-9576.NASL description A security vulnerability in OpenOffice.org, related to python scripting, might lead to unexpected code execution when using the built-in scripting IDE for exploring python code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 47543 published 2010-07-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47543 title Fedora 12 : openoffice.org-3.1.1-19.32.fc12 (2010-9576)
Oval
| accepted | 2013-04-29T04:11:25.583-04:00 | ||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||
| description | OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. | ||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:11091 | ||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||
| title | OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. | ||||||||||||||||||||||||
| version | 28 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html
- http://www.vupen.com/english/advisories/2010/1369
- http://ubuntu.com/usn/usn-949-1
- http://secunia.com/advisories/40084
- http://www.vupen.com/english/advisories/2010/1350
- http://secunia.com/advisories/40104
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html
- https://bugzilla.redhat.com/show_bug.cgi?id=574119
- http://secunia.com/advisories/40070
- http://www.openoffice.org/security/cves/CVE-2010-0395.html
- http://www.vupen.com/english/advisories/2010/1366
- http://www.redhat.com/support/errata/RHSA-2010-0459.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html
- http://secunia.com/advisories/40107
- http://www.vupen.com/english/advisories/2010/1353
- http://www.debian.org/security/2010/dsa-2055
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://www.us-cert.gov/cas/techalerts/TA10-287A.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
- http://www.vupen.com/english/advisories/2010/2905
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://secunia.com/advisories/60799
- http://secunia.com/advisories/41818
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11091